Facebook password changed? Malware attack poses as message from Facebook support

Repeat after me: It’s “Facebook”, not “FaceBook”.

Learn that lesson and you have one more way to spot a spammed-out malware campaign that tries to trick you into believing Facebook support has changed your password.

Computer users are receiving emails claiming that the popular social network has automatically changed their password to secure their account.

Here’s a typical message:



Dear user of FaceBook.

Your password is not safe!
To secure your account the password has been changed automatically.

Attached document contains a new password to your account and detailed information about new security measures.

Thank you for attention,
Administration of Facebook.

Your alarm bells should be ringing instantly when you receive this message, for a number of reasons: it can't decide whether it is "Facebook" or "FaceBook", the "Administration of Facebook" would never email you a new password as an attachment, and a genuine notification would address you by name rather than as "Dear user".

Subject lines used in this malicious campaign include “Facebook. Your password has been changed! [NUMBER]” and “Facebook. The new password to your account. [NUMBER]” and even “Facebook Support. Personal data has been changed! [NUMBER]”, and in each case the email is accompanied by an attached zip file which pretends to contain the new password.

The ZIP does not contain a password at all. Inside is a piece of Windows malware that Sophos detects as Mal/Zbot-AV, a member of the Zbot (Zeus) family of banking trojans, which steals credentials from the infected PC. Sophos users are protected against the threat proactively, and we also detect the ZIP file itself as Mal/BredoZp-B.

So, even if an email appears to come from [email protected], [email protected] or [email protected], remember that the "From:" header is free text that a spammer can set to anything; it proves nothing about who really sent the message. Don't follow an email's instructions unless you are certain it is legitimate.

Perhaps the easiest check, if you're told your Facebook password has been changed, is to open Facebook yourself (type the address into your browser rather than opening anything in the email) and see whether your usual password still works.

You can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
